For the past several years, there has been a focus by integrators and customers to assure that their card-based access control systems are secure. To give businesses an extra incentive to meet their cybersecurity threats, the Federal Trade Commission (FTC) has decided to hold the business community responsible for failing to implement good cybersecurity practices and is now filing lawsuits against those that don't.
For instance, the FTC filed a lawsuit against D-Link and its U.S. subsidiary, alleging that it used inadequate safeguards on its wireless routers and IP cameras that left them vulnerable to hackers.Many companies perceive that they are safer with a card but, if done correctly, the mobile can be a far more secure option
Now, as companies are learning how to protect card-based systems, such as their access control solutions, along comes mobile access credentials and their readers which use smart phones instead of cards as the vehicle for carrying identification information. Many companies perceive that they are safer with a card but, if done correctly, the mobile can be a far more secure option with many more features to be leveraged.
Handsets deliver biometric capture and comparison as well as an array of communication capabilities from cellular and Wi-Fi to Bluetooth LE and NFC. As far as security goes, the soft credential, by definition, is already a multi-factor solution.
Types of access control authentication
Access control authenticates you by following three things:
Recognises something you have (RFID tag/card/key),
Recognises something you know (PIN) or
Recognises something you are (biometrics).
Your smart phone has all three authentication parameters. This soft credential, by definition, is already a multi-factor solution. Your mobile credentials remain protected behind a smart phone's security parameters, such as biometrics and PINs. Organisations want to use smart phones in their upcoming access control implementations Once a biometric, PIN or password is entered to access the phone, the user automatically has set up 2-factor access control verification - what you know and what you have or what you have and a second form of what you have.
To emphasise, one cannot have access to the credential without having access to the phone. If the phone doesn’t work, the credential doesn’t work. The credential operates just like any other app on the phone. The phone must be “on and unlocked.” These two factors – availability and built-in multi-factor verification – are why organisations want to use smart phones in their upcoming access control implementations.
Smart phone access control is secure
Plus, once a mobile credential is installed on a smart phone, it cannot be re-installed on another smart phone. You can think of a soft credential as being securely linked to a specific smart phone. Similar to a card, if a smart phone is lost, damaged or stolen, the process should be the same as with a traditional physical access credential. It should be immediately deactivated in the access control management software - with a new credential issued as a replacement.
Your mobile credentials remain protected behind a smart phone's security parameters, such as biometrics and PINs
Leading readers additionally use AES encryption when transferring data. Since the Certified Common Criteria EAS5+ Computer Interface Standard provides increased hardware cybersecurity, these readers resist skimming, eavesdropping and replay attacks.
When the new mobile system leverages the Security Industry Association's (SIA) Open Supervised Device Protocol (OSDP), it also will interface easily with control panels or other security management systems, fostering interoperability among security devices.All that should be needed to activate newer systems is simply the phone number of the smart phone
Likewise, new soft systems do not require the disclosure of any sensitive end-user personal data. All that should be needed to activate newer systems is simply the phone number of the smart phone.
Bluetooth and NFC the safer options
Bottom line - both Bluetooth and NFC credentials are safer than hard credentials. Read range difference yields a very practical result from a security aspect. First of all, when it comes to cybersecurity, there are advantages to a closer read range. NFC eliminates any chances of having the smart phone unknowingly getting read such as can happen with a longer read range.
There are also those applications where multiple access readers are installed very near to one-another due to many doors being close. One reader could open multiple doors simultaneously. The shorter read range or tap of an NFC enabled device would stop such problems. However, with this said in defence of NFC, it must also be understood that Bluetooth-enabled readers can provide various read ranges, including those of no longer than a tap as well.
One needs to understand that there are also advantages to a longer reader range capability. Since NFC readers have such a short and limited read range, they must be mounted on the unsecure side of the door and encounter all the problems such exposure can breed. Conversely, Bluetooth readers mount on the secure sides of doors and can be kept protected out of sight.
Aging systems could cause problems
Research shows that Bluetooth enabled smart phones are continuing to expand in use to the point where those not having them are already the exceptions With that said, be aware. Some older Bluetooth-enabled systems force the user to register themselves and their integrators for every application. Door access – register. Parking access – register again. Data access – register again, etc.
Newer solutions provide an easier way to distribute credentials with features that allow the user to register only once and need no other portal accounts or activation features. By removing these additional information disclosures, vendors have eliminated privacy concerns that have been slowing down acceptance of mobile access systems.
In addition, you don’t want hackers listening to your Bluetooth transmissions, replaying them and getting into your building, so make very sure that the system is immunised against such replays. That’s simple to do. Your manufacturer will show you which system will be best for each application. Research shows that Bluetooth enabled smart phones are continuing to expand in use to the point where those not having them are already the exceptions. They are unquestionably going to be a major component in physical and logical access control.
Gartner suggests that, by 2020, 20 percent of organisations will use mobile credentials for physical access in place of traditional ID cards. Let’s rephrase that last sentence. In less than 18 months, one-fifth of all organisations will use the smart phone as the focal point of their electronic access control systems. Not proximity. Not smart cards. Phones!

Throughout the UK there are many examples of smart city transformation, with key industries including transport, energy, water and waste becoming increasingly ‘smart’.
A smart city is a one that uses information and communication technologies to increase operational efficiency, share information with the public and improve both the quality of government services and resident welfare. Smart access is an important step forward in providing technologically advanced security management and access solutions to support the ambitions of smart cities and their respectively smart industries.
Explaining smart access
If we used the standard definition of smart, it would be to use technology to monitor, control and manage access, but the technology must be adapted to both the physical and management characteristics of smart cities.
Smart access is an important step forward in providing advanced security management and access solutions to support the ambitions of smart cities
For example, it would not make sense to install an iris biometric sensor at an isolated water storage tank, which is out in the open and may not even have electrical power. Nor would a permissions management system work, one that does not let you update permissions simply and easily and cannot be customised.
With high volumes of people entering and exiting different areas of the city, it is important to be able to trace who has been where, when and for how long. Advanced software suites can provide access to all operations performed by users, including a complete audit trail. This information is often used by business owners or managers for audits, improvements or compliance.
When initiating a new access control system it is important that the supplier and customer work together to understand:
Who can enter a secure area
Where in the building each individual has access to
When an individual can enter a secure area
How an individual will gain access to a secure area
This information can be crucial in the event of a security breach, enabling investigators to find out who was the last known key holder in the building and what their movements were whilst there.
Installing an electronic lock does not require electrical power or batteries, much less a connection to send information
Modernising locks and keys
Installing an electronic lock does not require electrical power or batteries, much less a connection to send information, which means that it can be installed on any door as you would a mechanical lock without maintenance requirements.
Permissions are stored within an intelligent key. If you have authorisation for that lock, it will open. If you don’t, you won’t be allowed to enter and all of the activity carried out by the key will be recorded.
You can update permissions from a computer or using an app on a mobile phone at the time of access, which will update the key's permissions via Bluetooth. This allows shortened validity periods, constrains movements to be in line with company access policy and removes travel and fixed authoriser costs. This then delivers increased flexibility and higher levels of security.
Remote access control utilities
Access rights can be set at any time and on any day, and if required can allow access on just one specific occasion
Using an app improves access control by updating access rights in real time with the Bluetooth key. It also provides notification of lost keys, joint management of access schedules, protection of isolated workers and much more. Combined with new technological solutions, an app allows contextual information to be sent, such as on-site presence, duration of an operation, authorisations and reporting of anomalies.
Access rights can be set at any time and on any day, and if required can allow access on just one specific occasion, for example to repair a failure. Access can be restricted to enable entry only during working hours, for example.
Permissions can be granted for the amount of time required, which means that if permission is requested to access a site using a mobile app, the company should be able to access it, for example, in the next five minutes.
Once this time has passed, the permission expires and, if a key is lost or it is stolen, they will not be able to access the site. The rules for granting permissions are infinite and easily customisable, and the system is very efficient when they are applied; as a result, the system is flexible and adapted to suit company processes and infrastructures.
Using an app improves access control by updating access rights in real time with the Bluetooth key
Finding applications to create solutions
In many cases, companies themselves find new applications for the solution, such as the need to obtain access using two different keys simultaneously to prevent a lone worker from accessing a dangerous area.
The software that manages access makes it smart. It can be used from a web-based access manager or through personalised software that is integrated within a company's existing software solution, to automatically include information, such as the employee's contractual status, occupational risk prevention and the existence of work orders.
In some companies, the access management system will help to further improve service levels by integrating it with the customer information system, allowing to link it for instance with alarms managers, intrusion managers or HR processes.
With over one million access points currently secured worldwide, this simple and flexible solution will play a strategic role in the future of security.

2017 saw an opportunity for the economy to have a strong stock market, which provided companies confidence to invest in and update their infrastructure. This included many replacing older access control systems and moving to more integrated solutions for better connectivity between all security-related systems.
We anticipate commercial businesses to invest in infrastructure, which will include security systems and technologies. Each year there is an increase in random violent incidents, which in turn drives more awareness of the need for security. These factors will create opportunity across most, if not all, verticals.
Best-of-breed solutions
The ability for access control to integrate with other critical systems will be more widely required. The ability to integrate with best-of-breed solutions will be increasingly important, especially given the fact that the majority of system users have existing technologies (video, intrusion, audio, etc.).
Being able to have an access control software that has the flexibility to accommodate these systems without having to replace them is extremely valuable, and cost-saving to businesses and organisations.
Open Options has had a very successful 2017, full of company and business growth. The company hired six additional team members to accommodate success in the marketplace and better serve their customers and dealer channel. From a product standpoint, Open Options released version 7 of their flagship DNA Fusion access control platform, and executed numerous technology integrations with industry leaders. In 2018, the company looks forward to continuing to provide cutting-edge access control solutions to their customers across all verticals.